FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
036d6c38-1c5b-11e6-b9e0-20cf30e32f6d | Bugzilla security issues

Bugzilla Security Advisory

A specially crafted bug summary could trigger XSS in dependency graphs. Due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs.


Discovery 2016-03-03
Entry 2016-05-17
bugzilla44 < 4.4.12
bugzilla50 < 5.0.3

CVE-2016-2803
https://bugzilla.mozilla.org/show_bug.cgi?id=1253263
22283b8c-13c5-11e8-a861-20cf30e32f6d | Bugzilla security issues

Bugzilla Security Advisory

A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to.


Discovery 2018-02-16
Entry 2018-02-16
bugzilla44 < 4.4.13
bugzilla50 < 5.0.4

CVE-2018-5123
https://bugzilla.mozilla.org/show_bug.cgi?id=1433400
dc2d76df-a595-11e4-9363-20cf30e32f6d | Bugzilla multiple security issues

Bugzilla Security Advisory

Command Injection

Some code in Bugzilla does not properly utilize the 3-argument form of open(), and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes.

Information Leak

Using the WebServices API, a user can possibly execute imported functions from other non-WebService modules. A whitelist has now been added that lists explicit methods that can be executed via the API.


Discovery 2015-01-21
Entry 2015-01-26
bugzilla44 < 4.4.7

CVE-2014-8630
https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
https://bugzilla.mozilla.org/show_bug.cgi?id=1090275
608ed765-c700-11e3-848c-20cf30e32f6d | bugzilla -- Cross-Site Request Forgery

A Bugzilla Security Advisory reports:

The login form had no CSRF protection, meaning that an attacker could force the victim to log in using the attacker's credentials. If the victim then reports a new security sensitive bug, the attacker would get immediate access to this bug.

Due to changes involved in the Bugzilla API, this fix is not backported to the 4.0 and 4.2 branches, meaning that Bugzilla 4.0.12 and older, and 4.2.8 and older, will remain vulnerable to this issue.


Discovery 2014-04-17
Entry 2014-04-18
Modified 2014-04-18
bugzilla40 ge 2.0.0 lt 4.4.3
bugzilla42 ge 2.0.0 lt 4.4.3
bugzilla44 ge 2.0.0 lt 4.4.3

CVE-2014-1517
https://bugzilla.mozilla.org/show_bug.cgi?id=713926
9defb2d6-1404-11e4-8cae-20cf30e32f6d | bugzilla -- Cross Site Request Forgery

A Bugzilla Security Advisory reports:

Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.


Discovery 2014-07-24
Entry 2014-07-25
bugzilla44 < 4.4.5

CVE-2014-1546
54075861-a95a-11e5-8b40-20cf30e32f6d | Bugzilla security issues

Bugzilla Security Advisory

During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap function generates. This could be used for a cross-site scripting attack.

If an external HTML page contains a